Page 27 of 382 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

A vulnerability in a Virtualization Manager (VMAN) related CLI command of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific VMAN CLI command on the affected device. An attacker who has administrator access to an affected device could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges, which may lead to complete system compromise. Una vulnerabilidad en un comando de la CLI relacionado con Virtualization Manager (VMAN) del software Cisco IOS XE, podría permitir a un atacante local autenticado ejecutar comandos arbitrarios en el sistema operativo Linux subyacente con un nivel de privilegio de root. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-vman-cmd-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.6EPSS: 0%CPEs: 118EXPL: 0

A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Una vulnerabilidad en Unified Threat Defense (UTD) en el Software Cisco IOS XE, podría permitir a un atacante remoto no autenticado causar que un dispositivo afectado se recargue. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-utd • CWE-20: Improper Input Validation •

CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0

A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. Una vulnerabilidad en la funcionalidad Raw Socket Transport del software Cisco IOS XE, podría permitir a un atacante remoto no autenticado desencadenar una recarga de un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-rawtcp-dos • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 87EXPL: 0

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected device can be configured to not verify the digital signatures of system image files during the boot process. An attacker could exploit this vulnerability by abusing a specific feature that is part of the device boot process. A successful exploit could allow the attacker to install and boot a malicious software image or execute unsigned binaries on the targeted device. Una vulnerabilidad en la funcionalidad de Comprobación de Imagen del Software Cisco IOS XE, podría permitir a un atacante local autenticado instalar y arrancar una imagen de software malicioso o ejecutar archivos binarios sin firmar en un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-iosxe-digsig-bypass • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 9.0EPSS: 77%CPEs: 139EXPL: 0

Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en la interfaz de usuario basada en web (UI web) del software Cisco IOS XE, podrían permitir a un atacante remoto autenticado ejecutar comandos con privilegios elevados en el dispositivo afectado. Para más información sobre estas vulnerabilidades, consulte la sección de Detalles de este aviso. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-webui-cmd-injection • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •